Monthly Archives: September 2017

You may be aware of the recent massive Equifax security breach and the Company’s explanation surrounding a vulnerability in Apache Struts (CVE-2017-5638) disclosed by US CERT in early March 2017. Some reports have implied that the company has somehow blamed Apache Software Foundation for the breach, specifically by not moving quickly enough to address the security flaw. Apache has responded to these allegations clearly and concisely. In light of this incident, we thought this a good opportunity to help provide some clarity concerning third-party work and open source components, in general, as they pertain to ArcaOS and Arca Noae’s position regarding their fitness for use, and who is ultimately responsible to maintain his or her or, in the case of enterprise use, its own systems.

Arca Noae includes several components in ArcaOS developed by reputable third parties, including IBM, Apple, and others. Some of these components are open source, as well, meaning that the code for compiling these components into machine-readable form is freely available to the public. Open source software is often more secure than proprietary software, by nature of the fact that many (sometimes thousands) of developers around the world contribute to the code. This (often massive) group effort allows such projects to react quickly when flaws are discovered, and to work to constantly monitor and maintain the software. However, whether proprietary or open source, Arca Noae may have no control whatsoever over these components, inherent flaws, or as-yet-undisclosed security issues.

It is Arca Noae’s position that each ArcaOS licensee (whether an individual or an enterprise) bears the sole responsibility to consider his or her or its own interests and security. While we do what is within the realm of reasonable possibility to stay abreast of current trends and vulnerability disclosures (CVEs), we cannot guarantee that all issues will be identified and/or reported to our users by us. Thus, best practices dictate that each user remain vigilant and aware of the connected ecosystem in which we live and to take steps to mitigate his or her or its own risks.

Arca Noae welcomes reports from our users of disclosed and non-disclosed vulnerabilities. While we normally encourage our users to avail themselves of our Mantis ticketing system to report issues, those of a sensitive nature (such as an as-yet-undisclosed or little-known security flaw in a bundled component) should be reported through our contact page.

We would also like to take this opportunity to remind all of our ArcaOS licensees that ArcaOS does not utilize telemetry of any kind to communicate with us. We firmly believe that when a user licenses a copy of ArcaOS, his or her or its data should remain on the system as directed by the user, shared only by the user, and with the user’s full knowledge and consent.

The next exciting update to ArcaOS 5.0 is in the making, too. Watch the Arca Noae blog for a release announcement in the coming weeks.

Arca Noae is pleased to announce the immediate availability of a new release of our MultiMac NIC driver package.

This package contains updated drivers to incorporate enhancements and fixes in the system libraries, particularly a fix that can prevent unexplained hangs on busy multi-CPU systems. Because the change is in a system library, this update affects all the MultiMac drivers.

The E1000B driver also received an update to the driver itself.

As always, please read the .txt file that comes with each driver and also provided on the wiki. If you have problems with any of the drivers in this release, please read the Debugging Guide in the wiki first. If your problem cannot be resolved with the Debugging Guide, then the problem should be reported to the ticketing system.

More information about the MultiMac NIC drivers may be found in the wiki.

If you have ArcaOS, this driver package is available for download from the Arca Noae website as part of the Support & Maintenance subscription for your ArcaOS product. Please log into your account and see your ArcaOS order details page to access your software.

If you are still running OS/2 and/or eComStation systems and haven’t yet purchased a software subscription, this is a great reason to do so now. It may also be a good time to consider moving up to ArcaOS.

Arca Noae is pleased to announce the immediate availability of our ACPI Driver Package for ArcaOS, OS/2, and eComStation version 3.23.07.

This release contains a fix for a defect that exists in all versions of all SMP kernels which can cause unexplained traps and possible data corruption.

The effect of the defect occurs very rarely and only on multi-CPU systems, but the possibility of seeing it increases on faster and busier systems.

Because of the serious nature of this defect, this update is highly recommended for all SMP kernel users.

The ACPICA module was also updated to the latest version from Intel.

If you have ArcaOS, this driver package is available for download from the Arca Noae website as part of the Support & Maintenance subscription for your ArcaOS product. Please log into your account and see your ArcaOS order details page to access your software.

If you are still running OS/2 and/or eComStation systems and haven’t yet purchased a software subscription, this is a great reason to do so now. It may also be a good time to consider moving up to ArcaOS.